CNNVD-202510-1343 Information

CNNVD ID

CNNVD-202510-1343

CVE-2025-11539

  • CNNVD Published: 2025-10-09

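Description (translated from Chinese)

grafana-image-renderer is a Grafana backend plugin open-sourced by Grafana. grafana-image-renderer versions 1.0.0 through 4.0.16 contain a security vulnerability that stems from the /render/csv endpoint not validating the filePath parameter, which may lead to remote code execution.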

Description (English)

grafana-image-renderer is an open-source Grafana backend plugin from Grafana. Versions 1.0.0 to 4.0.16 contain a security vulnerability: the /render/csv endpoint does not validate the filePath parameter, which may lead to remote code execution.

Hazard Level

Low

Vulnerability Type

Other

Affected Vendor

Grafana

Published

2025-10-09

Last Modified

2026-02-24

References

  • https://github.com/grafana/grafana-image-renderer/releases/tag/v4.0.17
  • https://grafana.com/security/security-advisories/cve-2025-11539/
  • https://access.redhat.com/security/cve/cve-2025-11539
  • https://vigilance.fr/vulnerability/Grafana-Image-Renderer-Plugin-code-execution-via-render-csv-48427

Patch

https://grafana.com/grafana/
